Some time back I set up an IPA replica. The initial setup was successful, but now I see that it is not syncing. It's possible that it has never successfully synced. I suspect that something related to DNS may not be working properly. Advice on debugging and fixing this would be appreciated.

# ipa-replica-manage list -v ipa2.sj.bps
ipa1.sj.bps: replica
  last update status: Error (18) Replication error acquiring replica: Incremental update transient warning. Backing off, will retry update later. (transient warning)
  last update ended: 1970-01-01 00:00:00+00:00

I think that something related to DNS is not working correctly on my replica. My IPA domain is "ipa.<mycompany>.com". However, the DNS domain used on the network is "sj.bps" and the primary nameserver is not either of the IPA servers. Both the primary and replica have DNS that works for the "sj.bps" domain to an extent. I can ping using names in the "sj.bps" domain on the replica (ipa2):

[root@ipa2 ~]# ping ipa1.sj.bps.
PING ipa1.sj.bps (192.168.254.18) 56(84) bytes of data.
64 bytes from ipa1.sj.bps (192.168.254.18): icmp_seq=1 ttl=64 time=0.451 ms
^C
--- ipa1.sj.bps ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.451/0.451/0.451/0.000 ms

But a local lookup doesn't work:

[root@ipa2 ~]# dig @localhost ipa1.sj.bps.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @localhost ipa1.sj.bps.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34740
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ipa1.sj.bps.                   IN      A

;; Query time: 5 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Aug 29 20:37:37 EDT 2022
;; MSG SIZE rcvd: 40

A similar dig command on the primary works:

[root@ipa1 ~]# dig @localhost ipa1.sj.bps.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.9 <<>> @localhost ipa1.sj.bps.
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63201
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ipa1.sj.bps.                   IN      A

;; ANSWER SECTION:
ipa1.sj.bps.            2222    IN      A       192.168.254.18

;; AUTHORITY SECTION:
sj.bps.                 2222    IN      NS      ns.bps.

;; ADDITIONAL SECTION:
ns.bps.                 2222    IN      A       192.168.254.2

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Mon Aug 29 20:38:34 EDT 2022
;; MSG SIZE rcvd: 89